Cloud computing has been the buzzword in computer world of late. Most businesses executives and managers believe that there is a lot of potential in the cloud. The revolution of the PC has empowered individuals and brought democracy in technology in ways that are important and profound. As we embrace on that cloud, we should build on that success and preserve the act of personalizing technology and ensuring that data privacy is protected to the brim. Boundaries should be established so that it is clear who owns the data between the two entities handling the data. If the task of managing the data is left for public cloud providers how will the company be assured of data integrity
In a survey carried out by Microsoft, it was found out that 58 of the public of US and 86 of business leaders are excited about the possibilities and the potential of this new technology. As this is the case, there are many issues that are not usually covered when cloud computing is discussed. What will happen to the control of the software that usually run on the servers within the data centers of the organizations This issue has not been definitely defined. When cloud computing takes shape, it will be difficult to control the ownership of the applications and the data of the company. There will be paradigm shift where processes will be outsourced to third-party vendors who will want to control other sectors of the data management process.
The concerns by Microsoft echo sentiments that have been a major point of concern for many people in other sectors. Other studies that have been conducted elsewhere found out that businesses view cloud computing as the preferred technology that will help them cut costs in their businesses in internal IT. But there are issues which have been of great concern to many companies which include the role that the information technology department swill be performing (Lance, 2010). With the public cloud being trusted and preferred by many companies, the role of this department will be outsourced. There have been concerns that have been raised where
Microsoft acknowledges the fact that the right external provider of cloud computing will provide better security protection than providing it internally but he cites that the presence of security glitches will not be eradicated completely.
The IT background of the issue
Cloud computing is a technology where data and different applications are stored on storage networks and servers which are located in a remote place and accessed by the users via the Internet. This technology of cloud computing allows businesses and consumers to get access to applications without the need of installing them on their own on-site servers.
The diagram of the cloud computing is shown as below
The applications are installed on remote servers. In the normal way of applications use, consumers purchase licenses for application software from their software provider and install them on their on-site servers. In cloud computing case, it is On Demand basis where consumers pay a subscription fee for the service. The use of this technology increases efficiency because the storage, memory and processing are centralized.
There are two types of cloud computing which are listed thus
Software-as-a-Service (SaaS)
Platform-as-a-Service (PaaS)
With SaaS, applications are installed on the remote servers and then offered to the consumer as a service. A single instance of the application software is set to run on the cloud and serves multiple users or organizations. In the traditional software use, users would purchase the license and install them on their on-site servers. With cloud computing, the end-user will pay for the service as he uses it.
PaaS was adopted by companies so that they could deploy applications to the end-users. Most companies started by providing SaaS to the end-users. Most of these companies have also started developing platform services for the end-users. In PaaS, products are provided to enable applications to be deployed on the end-users. Platforms act as an interface to enable users to get access to applications which are provided by partners or by customers. Some of the big players in this cloud computing industry like Microsoft, Google and Amazon have provided platforms which include Windows Live for Microsoft, Apps Engine for Google and EC2 for Amazon. Providers like Amazon, Google, and Microsoft have developed platforms which enable users to gain access to applications stored on centralized servers.
The impact of the issue
Cloud computing has some attributes which must be assessed so that all matters of security and privacy is well tackled. The issue of data ownership needs to be addressed well with the deployment of cloud computing. The areas of data integrity, privacy of data, recovery of data, data ownership and evaluation of legal issues needs to be critically analyzed for risk to be minimized. Cloud computing providers like Google and their Apps engine, Amazon with their EC2 are providers whose computing can be defined as that with scalable IT-enabled capabilities which are delivered as a service to external clients by use of Internet technologies.
It is therefore imperative that customers must demand proper explanation of security policies and should know the measures that these providers are taking in place in order to assure their clients that they will not be exposed to security vulnerabilities in their course of their use of these services. They should also be able to identify vulnerabilities which were not anticipated at first (Miller, 2009).
There are a number of issues that have been debated about and that will need to be looked into with cloud computing.
These issues include the following
Users privileges
Regulatory compliance
Service provider location
Service provider security breaches
The first issue to be considered when deploying cloud computing is the privileges given to users in order to access their data. Data which are stored outside the premises of an enterprise brings with the issue of security. Hoe safe is the data Who else assesses the data Data which have been outsourced bypass the controls of the personnel of the enterprise. The client should get as much information as possible about how the data is stored and how the integrity of this data is catered for. The providers should be asked specific information about their hiring of privileged administrators who will manage the data.
The second issue to be considered is the regulatory compliance. The consumers are responsible for the security and integrity of their own data even when this data is held and stored by other providers (Mather, Kumaraswamy, Latif, 2009). In the case of traditional service providers, they are subjected to external audits by auditors who will normally check on the security policy of that enterprise. The cloud computing providers should accept to undergo these external audits and this should be agreed upon in written form.
The other security policy to be considered is about the location of the cloud. In most cases, consumers do not know where the cloud is located and even dont know which country it is. What they care is that their data is being stored somewhere. The providers should indicate, in written form, their jurisdiction and should accept to obey local security policies on behalf of the consumers.
Another issue is that consumers should be aware of the security breaches present with providers. Providers have always claimed that security is at its tightest in the cloud but this fact alone is not enough to assume security issues. It is good know that all security systems that have been breached were once infallible and so with newer technologies, they can be broken into. An example is Google which was attacked in 2007. Their Gmail services was attacked and had to make apologies. With this in mind, it is a good lesson to learn that even though systems might be tight in the cloud, it is not a full assurance that they will never be hacked. While providers of cloud computing face security threats, research has shown that cloud computing has become very attractive for cyber crooks. As the data become richer in the cloud, so should security become tighter.
Solutions to problems arising from the issue
One of the solutions that are proposed is to have regulations to govern the service providers. These regulations will help take care of the privacy issues of the data stored in the cloud. The government should regulate the providers of cloud computing services so that they provide standardized services to clients.
There should also be the provision backup services in an offsite location to take care of the loss of data in case it occurs. This will facilitate the retrieving of the data incase there is a security breach at the cloud computing center.
Companies should also set up policies that will be adhered to so that any data that is deployed to the cloud is well managed by both parties. The issue of managing the data should not be left for the service provider alone. This will therefore mean that the structure of the IT professionals will have to be reviewed. There will be a representative of the company who will liaise with the service provider to make sure that the issues that concern the company are ironed out with the provider.
Another solution with this is that there shall be a binding document that will bind the service provider to what the company will want to be addressed in such a setup. It is upon the two parties to decide what will be the contentious issues that will need urgent attention by both parties.
The company will also look for another backup of data apart from the data that is kept with the cloud computing provider. This will make sure that there will always be salvage in case the worst happens with the cloud computing provider. There are other times when the cloud computing companies will be having their own issues. It will not be good if the company is affected by the inconveniences caused by the service provider. Companies should make sure that there are two solutions that have been provided for the data that is being sent to the service providers.
When considering a service provider, the company should look for a provider which is located in an environment which they have no obstacles in terms of legal business transactions with the said country and if possible, should be located in the same country as the company. This will avoid problems which might arise due to politics and international working relations between the two countries.
Selection and use of the sources
In a survey carried out by Microsoft, it was found out that 58 of the public of US and 86 of business leaders are excited about the possibilities and the potential of this new technology. As this is the case, there are many issues that are not usually covered when cloud computing is discussed. What will happen to the control of the software that usually run on the servers within the data centers of the organizations This issue has not been definitely defined. When cloud computing takes shape, it will be difficult to control the ownership of the applications and the data of the company. There will be paradigm shift where processes will be outsourced to third-party vendors who will want to control other sectors of the data management process.
The concerns by Microsoft echo sentiments that have been a major point of concern for many people in other sectors. Other studies that have been conducted elsewhere found out that businesses view cloud computing as the preferred technology that will help them cut costs in their businesses in internal IT. But there are issues which have been of great concern to many companies which include the role that the information technology department swill be performing (Lance, 2010). With the public cloud being trusted and preferred by many companies, the role of this department will be outsourced. There have been concerns that have been raised where
Microsoft acknowledges the fact that the right external provider of cloud computing will provide better security protection than providing it internally but he cites that the presence of security glitches will not be eradicated completely.
The IT background of the issue
Cloud computing is a technology where data and different applications are stored on storage networks and servers which are located in a remote place and accessed by the users via the Internet. This technology of cloud computing allows businesses and consumers to get access to applications without the need of installing them on their own on-site servers.
The diagram of the cloud computing is shown as below
The applications are installed on remote servers. In the normal way of applications use, consumers purchase licenses for application software from their software provider and install them on their on-site servers. In cloud computing case, it is On Demand basis where consumers pay a subscription fee for the service. The use of this technology increases efficiency because the storage, memory and processing are centralized.
There are two types of cloud computing which are listed thus
Software-as-a-Service (SaaS)
Platform-as-a-Service (PaaS)
With SaaS, applications are installed on the remote servers and then offered to the consumer as a service. A single instance of the application software is set to run on the cloud and serves multiple users or organizations. In the traditional software use, users would purchase the license and install them on their on-site servers. With cloud computing, the end-user will pay for the service as he uses it.
PaaS was adopted by companies so that they could deploy applications to the end-users. Most companies started by providing SaaS to the end-users. Most of these companies have also started developing platform services for the end-users. In PaaS, products are provided to enable applications to be deployed on the end-users. Platforms act as an interface to enable users to get access to applications which are provided by partners or by customers. Some of the big players in this cloud computing industry like Microsoft, Google and Amazon have provided platforms which include Windows Live for Microsoft, Apps Engine for Google and EC2 for Amazon. Providers like Amazon, Google, and Microsoft have developed platforms which enable users to gain access to applications stored on centralized servers.
The impact of the issue
Cloud computing has some attributes which must be assessed so that all matters of security and privacy is well tackled. The issue of data ownership needs to be addressed well with the deployment of cloud computing. The areas of data integrity, privacy of data, recovery of data, data ownership and evaluation of legal issues needs to be critically analyzed for risk to be minimized. Cloud computing providers like Google and their Apps engine, Amazon with their EC2 are providers whose computing can be defined as that with scalable IT-enabled capabilities which are delivered as a service to external clients by use of Internet technologies.
It is therefore imperative that customers must demand proper explanation of security policies and should know the measures that these providers are taking in place in order to assure their clients that they will not be exposed to security vulnerabilities in their course of their use of these services. They should also be able to identify vulnerabilities which were not anticipated at first (Miller, 2009).
There are a number of issues that have been debated about and that will need to be looked into with cloud computing.
These issues include the following
Users privileges
Regulatory compliance
Service provider location
Service provider security breaches
The first issue to be considered when deploying cloud computing is the privileges given to users in order to access their data. Data which are stored outside the premises of an enterprise brings with the issue of security. Hoe safe is the data Who else assesses the data Data which have been outsourced bypass the controls of the personnel of the enterprise. The client should get as much information as possible about how the data is stored and how the integrity of this data is catered for. The providers should be asked specific information about their hiring of privileged administrators who will manage the data.
The second issue to be considered is the regulatory compliance. The consumers are responsible for the security and integrity of their own data even when this data is held and stored by other providers (Mather, Kumaraswamy, Latif, 2009). In the case of traditional service providers, they are subjected to external audits by auditors who will normally check on the security policy of that enterprise. The cloud computing providers should accept to undergo these external audits and this should be agreed upon in written form.
The other security policy to be considered is about the location of the cloud. In most cases, consumers do not know where the cloud is located and even dont know which country it is. What they care is that their data is being stored somewhere. The providers should indicate, in written form, their jurisdiction and should accept to obey local security policies on behalf of the consumers.
Another issue is that consumers should be aware of the security breaches present with providers. Providers have always claimed that security is at its tightest in the cloud but this fact alone is not enough to assume security issues. It is good know that all security systems that have been breached were once infallible and so with newer technologies, they can be broken into. An example is Google which was attacked in 2007. Their Gmail services was attacked and had to make apologies. With this in mind, it is a good lesson to learn that even though systems might be tight in the cloud, it is not a full assurance that they will never be hacked. While providers of cloud computing face security threats, research has shown that cloud computing has become very attractive for cyber crooks. As the data become richer in the cloud, so should security become tighter.
Solutions to problems arising from the issue
One of the solutions that are proposed is to have regulations to govern the service providers. These regulations will help take care of the privacy issues of the data stored in the cloud. The government should regulate the providers of cloud computing services so that they provide standardized services to clients.
There should also be the provision backup services in an offsite location to take care of the loss of data in case it occurs. This will facilitate the retrieving of the data incase there is a security breach at the cloud computing center.
Companies should also set up policies that will be adhered to so that any data that is deployed to the cloud is well managed by both parties. The issue of managing the data should not be left for the service provider alone. This will therefore mean that the structure of the IT professionals will have to be reviewed. There will be a representative of the company who will liaise with the service provider to make sure that the issues that concern the company are ironed out with the provider.
Another solution with this is that there shall be a binding document that will bind the service provider to what the company will want to be addressed in such a setup. It is upon the two parties to decide what will be the contentious issues that will need urgent attention by both parties.
The company will also look for another backup of data apart from the data that is kept with the cloud computing provider. This will make sure that there will always be salvage in case the worst happens with the cloud computing provider. There are other times when the cloud computing companies will be having their own issues. It will not be good if the company is affected by the inconveniences caused by the service provider. Companies should make sure that there are two solutions that have been provided for the data that is being sent to the service providers.
When considering a service provider, the company should look for a provider which is located in an environment which they have no obstacles in terms of legal business transactions with the said country and if possible, should be located in the same country as the company. This will avoid problems which might arise due to politics and international working relations between the two countries.
Selection and use of the sources
No comments:
Post a Comment